• Journal of the Institute of Electronics and Information Engineers
• /
• v.50 no.9
• /
• pp.21-31
• /
• 2013

A ciphertext policy-attribute based encryption(CP-ABE) scheme can be used to realize access control mechanism without a trusted server. We propose an attribute-based access control mechanism by incorporating a CP-ABE scheme to ensure only authorized users can access the sensitive data. The idea of CP-ABE is to include access control policy in the ciphertexts, in which they can only be decrypted if a user possesses attributes that pass through the ciphertext's access structure. In this paper, we prove a secure CP-ABE scheme where the policy can be expressed in non-monotonic access structures. We further compare the performance of our scheme with the existing CP-ABE schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.11 no.4
• /
• pp.2292-2309
• /
• 2017

Ciphertext policy attribute-based encryption (CP-ABE) is a useful cryptographic technology for guaranteeing data confidentiality but also fine-grained access control. Typically, CP-ABE can be divided into two classes: small universe with polynomial attribute space and large universe with unbounded attribute space. Since the learning with errors over rings (R-LWE) assumption has characteristics of simple algebraic structure and simple calculations, based on R-LWE, we propose a small universe CP-ABE scheme to improve the efficiency of the scheme proposed by Zhang et al. (AsiaCCS 2012). On this basis, to achieve unbounded attribute space and improve the expression of attribute, we propose a large universe CP-ABE scheme with the help of a full-rank differences function. In this scheme, all polynomials in the R-LWE can be used as values of an attribute, and these values do not need to be enumerated at the setup phase. Different trapdoors are used to generate secret keys in the key generation and the security proof. Both proposed schemes are selectively secure in the standard model under R-LWE. Comparison with other schemes demonstrates that our schemes are simpler and more efficient. R-LWE can obtain greater efficiency, and unbounded attribute space means more flexibility, so our research is suitable in practices.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.11
• /
• pp.4028-4049
• /
• 2014

Attribute-based encryption (ABE) is a promising cryptographic primitive for implementing fine-grained data sharing in cloud computing. However, before ABE can be widely deployed in practical cloud storage systems, a challenging issue with regard to attributes and user revocation has to be addressed. To our knowledge, most of the existing ABE schemes fail to support flexible and direct revocation owing to the burdensome update of attribute secret keys and all the ciphertexts. Aiming at tackling the challenge above, we formalize the notion of ciphertext-policy ABE supporting flexible and direct revocation (FDR-CP-ABE), and present a concrete construction. The proposed scheme supports direct attribute and user revocation. To achieve this goal, we introduce an auxiliary function to determine the ciphertexts involved in revocation events, and then only update these involved ciphertexts by adopting the technique of broadcast encryption. Furthermore, our construction is proven secure in the standard model. Theoretical analysis and experimental results indicate that FDR-CP-ABE outperforms the previous revocation-related methods.

• Journal of information and communication convergence engineering
• /
• v.10 no.1
• /
• pp.53-60
• /
• 2012

Attribute-based encryption (ABE) is an encryption scheme in which the user is able to decrypt a ciphertext with associated attributes. However, the scheme does not offer the capability of decryption to others when the user is offline. For this reason, the attribute-based proxy re-encryption (ABPRE) scheme was proposed, which combines traditional proxy re-encryption with ABE, so a user is able to empower designated users to decrypt the re-encrypted ciphertext with the associated attributes of designated users. However, previous ABPRE schemes demands a number of pairing operations that imply huge computational overhead. To reduce the number of pairing operations, we reduce the pairing operations with exponent operations. This paper provides a novel approach to an ABPRE scheme with constant pairing operation latency.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.12 no.10
• /
• pp.5100-5119
• /
• 2018

Most of existing privacy-preserving multi-authorities attribute-based encryption schemes (PP-MA-ABE) only considers the privacy of the user identity (ID). However, in many occasions information leakage is caused by the disclosing of his/her some sensitive attributes. In this paper, we propose a collusion-resisting ciphertext-policy PP-MA-ABE (CRPP-MACP-ABE) scheme with hiding both user's ID and attributes in the cloud storage system. We present a method to depict anonymous users and introduce a managerial role denoted by IDM for the management of user's anonymous identity certificate ($AID_{Cred}$). The scheme uses $AID_{Cred}$ to realize privacy-preserving of the user, namely, by verifying which attribute authorities (AAs) obtain the blinded public attribute keys, pseudonyms involved in the $AID_{Cred}$ and then distributes corresponding private keys for the user. We use different pseudonyms of the user to resist the collusion attack launched by viciousAAs. In addition, we utilize IDM to cooperate with multiple authorities in producing consistent private key for the user to avoid the collusion attack launched by vicious users. The proposed CRPP-MACP-ABE scheme is proved secure. Some computation and communication costs in our scheme are finished in preparation phase (i.e. user registration). Compared with the existing schemes, our scheme is more efficient.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.1
• /
• pp.323-342
• /
• 2021

Personal health records (PHRs) is an electronic medical system that enables patients to acquire, manage and share their health data. Nevertheless, data confidentiality and user privacy in PHRs have not been handled completely. As a fine-grained access control over health data, ciphertext-policy attribute-based encryption (CP-ABE) has an ability to guarantee data confidentiality. However, existing CP-ABE solutions for PHRs are facing some new challenges in access control, such as policy privacy disclosure and dynamic policy update. In terms of addressing these problems, we propose a privacy protection and dynamic share system (PPADS) based on CP-ABE for PHRs, which supports full policy hiding and flexible access control. In the system, attribute information of access policy is fully hidden by attribute bloom filter. Moreover, data user produces a transforming key for the PHRs Cloud to change access policy dynamically. Furthermore, relied on security analysis, PPADS is selectively secure under standard model. Finally, the performance comparisons and simulation results demonstrate that PPADS is suitable for PHRs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.1
• /
• pp.145-164
• /
• 2023

Cloud computing offers a platform that is both adaptable and scalable, making it ideal for outsourcing data for sharing. Various organizations outsource their data on cloud storage servers for availing management and sharing services. When the organizations outsource the data, they lose direct control on the data. This raises the privacy and security concerns. Cryptographic encryption methods can secure the data from the intruders as well as cloud service providers. Data owners may also specify access control policies such that only the users, who satisfy the policies, can access the data. Attribute based access control techniques are more suitable for the cloud environment as they cover large number of users coming from various domains. Multi-authority attribute-based encryption (MA-ABE) technique is one of the propitious attribute based access control technique, which allows data owner to enforce access policies on encrypted data. The main aim of this paper is to comprehensively survey various state-of-the-art MA-ABE schemes to explore different features such as attribute and key management techniques, access policy structure and its expressiveness, revocation of access rights, policy updating techniques, privacy preservation techniques, fast decryption and computation outsourcing, proxy re-encryption etc. Moreover, the paper presents feature-wise comparison of all the pertinent schemes in the field. Finally, some research challenges and directions are summarized that need to be addressed in near future.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.20 no.1
• /
• pp.55-60
• /
• 2020

In this paper, we propose an access control system using cryptography as a method to protect personal data in public blockchain. The proposed system is designed to encrypt data according to the access policy, store it in the blockchain, and decrypt only the person who satisfy the access policy. In order to improve performance and scalability, an encryption mechanism is implemented outside the blockchain. Therefore, data access performance could be preserved while cryptographic operations executed Furthermore it can also improve the scalability by adding new access control modules while preserving the current configuration of blockchain network. The encryption scheme is based on the attribute-based encryption (ABE). However, unlike the traditional ABE, the "retention period", is incorporated into the access structure to ensure the right to be forgotten. In addition, symmetric key cryptograpic algorithms are used for the performance of ABE. We implemented the proposed system in a public blockchain and conducted the performance evaluation.

• Bulletin of the Korean Mathematical Society
• /
• v.46 no.4
• /
• pp.803-819
• /
• 2009

In classical encryption schemes, data is encrypted under a single key that is associated with a user or group. In Ciphertext-Policy Attribute-Based Encryption(CP-ABE) keys are associated with attributes of users, given to them by a central trusted authority, and data is encrypted under a logical formula over these attributes. We extend this idea to the case where an arbitrary number of independent parties can be present to maintain attributes and their corresponding secret keys. We present a scheme for multi-authority CP-ABE, propose the first two constructions that fully implement the scheme, and prove their security against chosen plaintext attacks.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.15 no.9
• /
• pp.3401-3420
• /
• 2021

We provide a traceable ciphertext-policy attribute based encryption (CP-ABE) construction for monotone access structures (MAS) based on composite order bilinear groups, which is secure adaptively under the standard model. We construct this scheme by making use of an "encoding technique" which represents the MAS by their minimal sets to encrypt the messages. To date, for all traceable CP-ABE schemes, their encryption costs grow linearly with the MAS size, the decryption costs grow linearly with the qualified rows in the span programs. However, in our traceable CP-ABE, the ciphertext is linear with the minimal sets, and decryption needs merely three bilinear pairing computations and two exponent computations, which improves the efficiency extremely and has constant decryption. At last, the detailed security and traceability proof is given.